RUBY-1100 Don't share OpenSSL::Digest::SHA1 object between scram conversations

estolfo · estolfo · commit 855e11d6a943 · 2016-07-07T14:15:52.000+01:00
diff --git a/lib/mongo/auth/scram/conversation.rb b/lib/mongo/auth/scram/conversation.rb
@@ -290,7 +290,7 @@ def first_bare
         #
         # @since 2.0.0
         def h(string)
-          DIGEST.digest(string)
+          digest.digest(string)
         end
 
         # HI algorithm implementation.
@@ -305,7 +305,7 @@ def hi(data)
             data,
             Base64.strict_decode64(salt),
             iterations,
-            DIGEST.size
+            digest.size
           )
         end
 
@@ -317,7 +317,7 @@ def hi(data)
         #
         # @since 2.0.0
         def hmac(data, key)
-          OpenSSL::HMAC.digest(DIGEST, data, key)
+          OpenSSL::HMAC.digest(digest, data, key)
         end
 
         # Get the iterations from the server response.
@@ -451,6 +451,12 @@ def validate!(reply)
           raise Unauthorized.new(user) unless reply.documents[0][Operation::Result::OK] == 1
           @reply = reply
         end
+
+        private
+
+        def digest
+          @digest ||= OpenSSL::Digest::SHA1.new.freeze
+        end
       end
     end
   end
